👩💻IW Weekly #30: $10,000 Bounty, Bypassing Filtration, DDoS Attack, Fuzzing for SQL Injection, Recon Tools, etc.
GitHub rewarded $10,000 to Saajan Bhujel for bypassing filtration of HTML tags in GitHub’s new feature.
Welcome to the #IWWeekly30 - the Monday newsletter that brings the best in Infosec straight to your inbox.
Today, we’ve completed 30 weeks together 😍🤝
Our team is working hard to bring you the best picks of the Infosec world every Monday. And we’d love to know if you enjoy them as much as we do :) Post your thoughts on Twitter @InfoSecComm to let us know 😊
Also, don’t forget to buy your ticket for IWCON. We’ve onboarded some of the best Infosec personalities in the world to share their knowledge with you. Check it out here.
Coming back to today's newsletter, here are our top picks for this week: 7 articles, 6 threads, 5 videos, 2 GitHub repos and tools, and 1 job alert to help you get the most out of this newsletter and take a massive jump ahead in your career.
Excited? Let’s jump in👇
📝 7 Infosec Articles (5 + 2 beginner-friendly)
#1 Did you know CAPTCHA functionality can lead to great bugs? @Lokesh Kumar found one on Facebook. Read this to find out how.
#2 This threat research report from RedHunt Labs covers thousands of unsecured Kubernetes clusters exposed on the internet.
#3 Great bypasses lead to amazing bounties. GitHub rewarded $10,000 to Saajan Bhujel for bypassing filtration of HTML tags in GitHub’s new feature.
#4 An informative article by APNIC on a DDoS attack vector: TCP middlebox reflection.
#5 Read this insightful article to find out how Kuldeep Pandya performed a second-order XXE exploitation.
#1 Do you want to dive into Android pentesting? Then read this article by Grigoris Papoutsis.
#2 Check out this article for a deep dive into CSP and its bypasses. Written by Shubham Chaskar.
🧵6 Trending Threads (4 + 2 beginner-friendly)
#1 Take a look at this great thread by Shashank containing a curated list of Smart Contract and Blockchain security blogs.
#2 Osint For All published a thread listing 10 Twitter analysis tools to optimize your searches and digital investigations.
#3 Renniepak posted about his recent finding that leaked all users’ password reset links.
#4 Nagli shared his tips on fuzzing for SQL injection.
#1 Read this thread by Intigriti to find amazing Recon tools.
#2 Are you venturing into mobile application pentesting? Then check out this thread by Nitin, which lists frequently used tools that can level up your game.
📽️ 5 Insightful Videos (3 + 2 beginner-friendly)
#1 Sometimes passwords are left out in the open, making a threat actor’s life easier. Watch @_JohnHammond set up a vulnerable Active Directory environment and exploit it to find default credentials.
#2 @Sandy1sm talks about securing open source software at @nullcon. You’ll learn about the approach to doing bug bounty on OSS and find a few examples on @Hacker0x01.
#3 Ever used nuclei in your reconnaissance? It’s now available as a Burp Suite plugin. Check out this descriptive video on the plugin by @pdiscoveryio.
#1 Looking to get a new cybersecurity job? Watch this video by @thecybermentor to find some useful tips on landing a great job.
#2 Watch @NahamSec’s video on attack surface management to find every single domain a company has ever owned.
⚒️ 2 GitHub Repositories & Tools
#1 Check out the latest release of subfinder by the @pdiscoveryio team.
#2 Autodeploy, by @GrahamHelton3, is a tool written in Bash that lets you synchronize config files, keep the same versions of tools, etc. across multiple machines.
💰1 Job Alert
#1 Cloud Defense has openings for 4-6 Java engineers and 2 front-end developers.
Experience level: Middle to senior.
Framework needed: Java Spring Boot. Good to have: AWS & Azure.
💸Advertise with us💸
We are looking to partner with amazing infosec, pen testing, and ethical hacking teams, brands, and companies from all over the world. If this sounds like you, click here to partner with us.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate it if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
This newsletter has been created in collaboration with our amazing ambassadors.
Resource contribution by: Ayush Singh, Hardik Singh, Nikhil Memane, Nithin R, and Pramod Kumar Pradhan.
Newsletter formatting by: Hardik Singh, Vinay Kumar, Siddharth, and Ayush Singh.